lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20180110154318.GC14178@1wt.eu>
Date:   Wed, 10 Jan 2018 16:43:18 +0100
From:   Willy Tarreau <w@....eu>
To:     Borislav Petkov <bp@...en8.de>
Cc:     Ingo Molnar <mingo@...nel.org>, Andy Lutomirski <luto@...nel.org>,
        LKML <linux-kernel@...r.kernel.org>, X86 ML <x86@...nel.org>,
        Brian Gerst <brgerst@...il.com>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>, Kees Cook <keescook@...omium.org>
Subject: Re: [RFC PATCH v2 2/6] x86/arch_prctl: add ARCH_GET_NOPTI and
 ARCH_SET_NOPTI to enable/disable PTI

On Wed, Jan 10, 2018 at 03:45:06PM +0100, Borislav Petkov wrote:
> On Wed, Jan 10, 2018 at 08:25:08AM +0100, Ingo Molnar wrote:
> > We could taint the kernel and warn prominently in the syslog when PTI is disabled 
> > globally on the boot line though, if running on affected CPUs.
> > 
> > Something like:
> > 
> >  "x86/intel: Page Table Isolation (PTI) is disabled globally. This allows unprivileged, untrusted code to exploit the Meltdown CPU bug to read kernel data."
> > 
> 
> I think we should warn in the per-mm disabling case too. Not the same
> text but a similar blurb about the trusted process becoming a high-value
> target.

Well, we don't warn when /dev/mem is opened read-only, even not when
it's opened R/W, and it exposes the contents much better. Tainting is
first a support help so that developers don't waste time debugging
something that might have been altered. In this case nothing got
altered. At best(worst?) things might have been disclosed. That said
I'm all for at least tainting when running with pti=off at least to
educate users.

Willy

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ